我可以使用logstash.conf创建索引。我的输入类型是凝胶。我正在将日志存储日志发送到 kibana。这是我的logstash.conf
input
{ gelf { }
}
output
{
stdout { codec => rubydebug }
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-math-%{+YYYY.MM.dd}"
}
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-science-%{+YYYY.MM.dd}"
}
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-bio-%{+YYYY.MM.dd}"
}
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-lang-%{+YYYY.MM.dd}"
}
}
问题:日志现在发送到所有索引。 我想将日志发送到相应的索引。
我添加了喜欢
if[tag] == "templeton-math"{
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-math-%{+YYYY.MM.dd}"
}
}
它给出了一个错误INFO logstash.agent - 未找到持久性 UUID 文件。Generate new UUID {:uuid=>"67f7a48e-fc7c-499b-85a0-3fd6979f88f6", :p ath=>"/var/lib/logstash/uuid"}14:58:14.308 [LogStash::Runner] 错误 logstash.agent - 无法创建管道 {:reason=>"在输出后第 22 行第 9 列(字节 179)的 #、=> 之一 \{\ elasticsearch { hosts "}2017-10-11 14:58:14,355 API Web服务器错误 找不到log4j2配置文件。使用默认配置:仅将错误记录到控制台。
试试这个。
output {
stdout { codec => rubydebug }
if [tag] == "templeton-math" {
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-math-%{+YYYY.MM.dd}"
}
}
if [tag] == "templeton-science" {
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-science-%{+YYYY.MM.dd}"
}
}
if [tag] == "templeton-bio" {
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-bio-%{+YYYY.MM.dd}"
}
}
if [tag] == "templeton-lang" {
elasticsearch {
hosts => ["elk.lera.com:80"]
index => "templeton-lang-%{+YYYY.MM.dd}"
}
}
}